IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Add detection for users from trusted/invalid realms

Browse Source 
When user from other realm than FreeIPA's tries to use Web UI
(login via forms-based auth or with valid trusted realm ticket),
the 401 Unauthorized error with X-Ipa-Rejection-Reason=denied
is returned.

Also, the support for usernames of the form user@SERVER.REALM
or user@server.realm was added.

https://fedorahosted.org/freeipa/ticket/3252
This commit is contained in:
Tomas Babej
2012-11-15 05:21:16 -05:00
committed by Rob Crittenden
parent 152585e731
commit 0292ebd1e5
4 changed files with 55 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
ipalib/util.py
View File

@@ -105,6 +105,21 @@ def validate_host_dns(log, fqdn):
)
raise errors.DNSNotARecordError()
def normalize_name(name):
result = dict()
components = name.split('@')
if len(components) == 2:
result['domain'] = unicode(components[1]).lower()
result['name'] = unicode(components[0]).lower()
else:
components = name.split('\\')
if len(components) == 2:
result['flatname'] = unicode(components[0]).lower()
result['name'] = unicode(components[1]).lower()
else:
result['name'] = unicode(name).lower()
return result
def isvalid_base64(data):
"""
Validate the incoming data as valid base64 data or not.